<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第157期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第157期）</strong></h5>
<blockquote> 2017/02/27-2017/03/05</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>Seebug漏洞平台2016十大漏洞<br><a target="_blank" href="http://weibo.com/ttarticle/p/show?id=2309404079780348744123">http://weibo.com/ttarticle/p/show?id=2309404079780348744123</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>川普已被玩坏：头像被敲诈病毒拿来恶搞<br><a target="_blank" href="http://www.mottoin.com/97208.html">http://www.mottoin.com/97208.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>黑客小说 杀手（第十四章 暗流）<br><a target="_blank" href="http://www.jianshu.com/p/6a25f14a42de">http://www.jianshu.com/p/6a25f14a42de</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>美国国土安全部使用网络杀伤链分析总统大选黑客事件<br><a target="_blank" href="http://www.aqniu.com/industry/23163.html">http://www.aqniu.com/industry/23163.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>瑞星反诈骗报告：不法分子利用“高额奖金”骗取用户隐私信息<br><a target="_blank" href="http://www.mottoin.com/97439.html">http://www.mottoin.com/97439.html</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>波音公司员工泄露了36000名同事的个人信息<br><a target="_blank" href="http://www.mottoin.com/97371.html">http://www.mottoin.com/97371.html</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>Palo Alto 1.05 亿美元收购 LightCyber 增加行为攻击检测能力<br><a target="_blank" href="http://app.myzaker.com/news/article.php?pk=58b649b11bc8e0b562000001">http://app.myzaker.com/news/article.php?pk=58b649b11bc8e0b562000001</a></div><div class="single"><span id="tags">[书籍]&nbsp;&nbsp;</span>腾讯CTF（TCTF）大赛正式启航，国际顶级高手等你来战！<br><a target="_blank" href="http://mp.weixin.qq.com/s/vTt-KHFwE7hrvnPwLFiEGQ">http://mp.weixin.qq.com/s/vTt-KHFwE7hrvnPwLFiEGQ</a></div><div class="single"><span id="tags">[法规]&nbsp;&nbsp;</span>网络空间国际合作战略（全文）<br><a target="_blank" href="http://news.xinhuanet.com/politics/2017-03/01/c_1120552767.htm">http://news.xinhuanet.com/politics/2017-03/01/c_1120552767.htm</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>Google Summer of Code 2017<br><a target="_blank" href="https://summerofcode.withgoogle.com/">https://summerofcode.withgoogle.com/</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>新型Web攻击技术——Web缓存欺骗<br><a target="_blank" href="http://www.4hou.com/technology/3536.html">http://www.4hou.com/technology/3536.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Phantomjs性能优化<br><a target="_blank" href="http://thief.one/2017/03/01/Phantomjs%E6%80%A7%E8%83%BD%E4%BC%98%E5%8C%96/">http://thief.one/2017/03/01/Phantomjs%E6%80%A7%E8%83%BD%E4%BC%98%E5%8C%96/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>安全情报中心与红蓝军对抗演习<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzI0NTAwNjMwOA==&amp;mid=2650685700&amp;idx=3&amp;sn=8cceaf131a280618abaff340c63a5079&amp;scene=0#wechat_redirect">http://mp.weixin.qq.com/s?__biz=MzI0NTAwNjMwOA==&amp;mid=2650685700&amp;idx=3&amp;sn=8cceaf131a280618abaff340c63a5079&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>NodeJS反序列化RCE漏洞的完美利用<br><a target="_blank" href="http://www.4hou.com/technology/3457.html">http://www.4hou.com/technology/3457.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Web Cache Deception Attack<br><a target="_blank" href="http://omergil.blogspot.jp/2017/02/web-cache-deception-attack.html">http://omergil.blogspot.jp/2017/02/web-cache-deception-attack.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>在 Windows 10 的 Linux 子系统（WSL）中运行 Kali<br><a target="_blank" href="http://www.mottoin.com/97429.html">http://www.mottoin.com/97429.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>BurpSmartBuster：用于收集与发现文件目录和后缀的插件<br><a target="_blank" href="http://www.mottoin.com/97437.html">http://www.mottoin.com/97437.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Mysql数据库反弹端口连接提权<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/774.html">https://xianzhi.aliyun.com/forum/read/774.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Undocumented Backdoor Account in DBLTek GoIP<br><a target="_blank" href="https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/">https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>我眼中的渗透测试信息搜集<br><a target="_blank" href="http://bbs.ichunqiu.com/thread-16020-1-1.html">http://bbs.ichunqiu.com/thread-16020-1-1.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>JEXBOSS V1.2.0 – JBOSS VERIFY AND EXPLOITATION TOOL<br><a target="_blank" href="http://seclist.us/jexboss-v1-2-0-jboss-verify-and-exploitation-tool.html?utm_source=feedburner&amp;utm_medium=twitter&amp;utm_campaign=Feed%3A+seclist%2Ffeed+%28Security+List+Network%E2%84%A2%29">http://seclist.us/jexboss-v1-2-0-jboss-verify-and-exploitation-tool.html?utm_source=feedburner&amp;utm_medium=twitter&amp;utm_campaign=Feed%3A+seclist%2Ffeed+%28Security+List+Network%E2%84%A2%29</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>DokuWiki fetch.php SSRF漏洞与tok安全验证绕过分析<br><a target="_blank" href="http://paper.seebug.org/230/">http://paper.seebug.org/230/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>企业安全建设之搭建开源SIEM平台（下）<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&amp;mid=2247483849&amp;idx=1&amp;sn=89a85be39223b04ac8badfb0860189d7&amp;chksm=976e77b8a019feae05526ed8a2b172a38ffc6509f3c17dad52d468921879519a00d72164e1f2&amp;scene=0&amp;key=6f882f576ea60105653bf2dcfd57266b9c173d37869ecc04">https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&amp;mid=2247483849&amp;idx=1&amp;sn=89a85be39223b04ac8badfb0860189d7&amp;chksm=976e77b8a019feae05526ed8a2b172a38ffc6509f3c17dad52d468921879519a00d72164e1f2&amp;scene=0&amp;key=6f882f576ea60105653bf2dcfd57266b9c173d37869ecc04</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>解密 RubyEncoder<br><a target="_blank" href="http://blog.fatezero.org/2017/02/26/decrypt-rubyencoder/">http://blog.fatezero.org/2017/02/26/decrypt-rubyencoder/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>cgPwn：用于硬件安全测试（Fuzzing，SymEx，Exploit）的轻量级虚拟机<br><a target="_blank" href="http://www.mottoin.com/97672.html">http://www.mottoin.com/97672.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>隐匿的攻击之-Domain Fronting<br><a target="_blank" href="https://evi1cg.me/archives/Domain_Fronting.html">https://evi1cg.me/archives/Domain_Fronting.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>软件定义安全白皮书PPT解读 <br><a target="_blank" href="http://blog.nsfocus.net/software-definition-security-white-paper-ppt/">http://blog.nsfocus.net/software-definition-security-white-paper-ppt/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>动态IP解决新浪的反爬虫机制<br><a target="_blank" href="https://github.com/szcf-weiya/SinaSpider">https://github.com/szcf-weiya/SinaSpider</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>一个有意思的Apple XSS（CVE-2016-7762）的 分析与思考 <br><a target="_blank" href="http://avfisher.win/archives/660">http://avfisher.win/archives/660</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>各种形式隐写工具合集<br><a target="_blank" href="http://www.mottoin.com/97414.html">http://www.mottoin.com/97414.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>一种虚拟安全控制的思路和实现<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI2MjQ1NTA4MA==&amp;mid=2247483702&amp;idx=1&amp;sn=a928648be97d24b339b597675d045daf&amp;chksm=ea4bab71dd3c2267dd5d27d6878d7e77965193c693e1d969d37df53b06cd6f556000f3e96917&amp;mpshare=1&amp;scene=1&amp;srcid=0226k0HTgcHK6Hbaj0QyJPDh&amp;key=1b5c68b">https://mp.weixin.qq.com/s?__biz=MzI2MjQ1NTA4MA==&amp;mid=2247483702&amp;idx=1&amp;sn=a928648be97d24b339b597675d045daf&amp;chksm=ea4bab71dd3c2267dd5d27d6878d7e77965193c693e1d969d37df53b06cd6f556000f3e96917&amp;mpshare=1&amp;scene=1&amp;srcid=0226k0HTgcHK6Hbaj0QyJPDh&amp;key=1b5c68b</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Mobile-Security-Framework-MobSF<br><a target="_blank" href="https://github.com/MobSF/Mobile-Security-Framework-MobSF">https://github.com/MobSF/Mobile-Security-Framework-MobSF</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>python 自动化运维模块收集<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzI2MjA5MjUwMQ==&amp;mid=2650019678&amp;idx=1&amp;sn=ee1eb3d847553e4dbbea56b40516cb03&amp;chksm=f250d4e4c5275df23dc139b8ac07301aea727ec76210de0415bb2ff71b342891b3a9a7def4df&amp;mpshare=1&amp;scene=23&amp;srcid=0302uyBJiutYubn5JIUxm76F%23rd">http://mp.weixin.qq.com/s?__biz=MzI2MjA5MjUwMQ==&amp;mid=2650019678&amp;idx=1&amp;sn=ee1eb3d847553e4dbbea56b40516cb03&amp;chksm=f250d4e4c5275df23dc139b8ac07301aea727ec76210de0415bb2ff71b342891b3a9a7def4df&amp;mpshare=1&amp;scene=23&amp;srcid=0302uyBJiutYubn5JIUxm76F%23rd</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>第三届XCTF——郑州站ZCTF第一名战队Writeup<br><a target="_blank" href="http://bobao.360.cn/ctf/detail/186.html">http://bobao.360.cn/ctf/detail/186.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Ponemon：优化SIEM时所面临的挑战<br><a target="_blank" href="http://yepeng.blog.51cto.com/3101105/1903177">http://yepeng.blog.51cto.com/3101105/1903177</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>KindEditor开源富文本编辑框架XSS漏洞<br><a target="_blank" href="http://www.freebuf.com/articles/web/128076.html">http://www.freebuf.com/articles/web/128076.html</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>注意，你注册的假1024可能就是它<br><a target="_blank" href="http://weibo.com/ttarticle/p/show?id=2309404080137598567962">http://weibo.com/ttarticle/p/show?id=2309404080137598567962</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>六种常用的网络流量特征提取工具<br><a target="_blank" href="http://mp.weixin.qq.com/s/QsteT_86uwViXSFXspJHJQ">http://mp.weixin.qq.com/s/QsteT_86uwViXSFXspJHJQ</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Termineter – Smart Meter Security Testing Framework<br><a target="_blank" href="http://www.darknet.org.uk/2017/02/termineter-smart-meter-security-testing-framework/">http://www.darknet.org.uk/2017/02/termineter-smart-meter-security-testing-framework/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Phishers unleash simple but effective social engineering techniques using PDF at<br><a target="_blank" href="https://blogs.technet.microsoft.com/mmpc/2017/01/26/phishers-unleash-simple-but-effective-social-engineering-techniques-using-pdf-attachments/?platform=hootsuite">https://blogs.technet.microsoft.com/mmpc/2017/01/26/phishers-unleash-simple-but-effective-social-engineering-techniques-using-pdf-attachments/?platform=hootsuite</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>企业安全建设之浅谈数据防泄露<br><a target="_blank" href="http://mp.weixin.qq.com/s/vbTxrkLXu1ES4mqetNuY_Q">http://mp.weixin.qq.com/s/vbTxrkLXu1ES4mqetNuY_Q</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>MySQL Sniffer :基于 MySQL 协议的抓包工具<br><a target="_blank" href="https://github.com/Qihoo360/mysql-sniffer/blob/master/README_CN.md">https://github.com/Qihoo360/mysql-sniffer/blob/master/README_CN.md</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>SecWiki周刊（第156期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/156">https://www.sec-wiki.com/weekly/156</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>FileSensor：基于爬虫的动态敏感文件探测工具<br><a target="_blank" href="http://www.mottoin.com/97353.html">http://www.mottoin.com/97353.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>保护内网安全之提高Windows AD安全性 （二）<br><a target="_blank" href="http://www.4hou.com/technology/3455.html">http://www.4hou.com/technology/3455.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>全球MySQL数据库沦为新一轮勒索软件攻击目标<br><a target="_blank" href="http://www.4hou.com/info/news/3523.html">http://www.4hou.com/info/news/3523.html</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>低成本安全硬件（二）——RFID on PN532 <br><a target="_blank" href="http://jia1s.info/rfid-on-rpi/">http://jia1s.info/rfid-on-rpi/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>php代码审计之弱类型引发的灾难 <br><a target="_blank" href="http://blog.topsec.com.cn/ad_lab/php%e4%bb%a3%e7%a0%81%e5%ae%a1%e8%ae%a1%e4%b9%8b%e5%bc%b1%e7%b1%bb%e5%9e%8b%e5%bc%95%e5%8f%91%e7%9a%84%e7%81%be%e9%9a%be/">http://blog.topsec.com.cn/ad_lab/php%e4%bb%a3%e7%a0%81%e5%ae%a1%e8%ae%a1%e4%b9%8b%e5%bc%b1%e7%b1%bb%e5%9e%8b%e5%bc%95%e5%8f%91%e7%9a%84%e7%81%be%e9%9a%be/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>百度旗下网站暗藏恶意代码——劫持用户电脑疯狂“收割”流量<br><a target="_blank" href="http://www.4hou.com/technology/3546.html">http://www.4hou.com/technology/3546.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>恶意软件分析大合集<br><a target="_blank" href="https://github.com/rshipp/awesome-malware-analysis/blob/master/%E6%81%B6%E6%84%8F%E8%BD%AF%E4%BB%B6%E5%88%86%E6%9E%90%E5%A4%A7%E5%90%88%E9%9B%86.md">https://github.com/rshipp/awesome-malware-analysis/blob/master/%E6%81%B6%E6%84%8F%E8%BD%AF%E4%BB%B6%E5%88%86%E6%9E%90%E5%A4%A7%E5%90%88%E9%9B%86.md</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>巡风在隔离网络环境下的离线更新方案<br><a target="_blank" href="http://www.mottoin.com/97143.html">http://www.mottoin.com/97143.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Phantomjs爬过的那些坑<br><a target="_blank" href="http://thief.one/2017/03/01/Phantomjs%E7%88%AC%E8%BF%87%E7%9A%84%E9%82%A3%E4%BA%9B%E5%9D%91/">http://thief.one/2017/03/01/Phantomjs%E7%88%AC%E8%BF%87%E7%9A%84%E9%82%A3%E4%BA%9B%E5%9D%91/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android 渗透测试学习手册（九）编写渗透测试报告<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282109&amp;idx=2&amp;sn=a31aaf55970d2b58d2231406feccaa12&amp;scene=0#wechat_redirect">http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282109&amp;idx=2&amp;sn=a31aaf55970d2b58d2231406feccaa12&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>FB Event Map API<br><a target="_blank" href="https://github.com/mromnia/fb_event_map">https://github.com/mromnia/fb_event_map</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Flask的url_for重定向问题和相应源码分析<br><a target="_blank" href="http://jiayi.space/post/flaskde-url_forzhong-ding-xiang-wen-ti-he-xiang-ying-yuan-ma-fen-xi">http://jiayi.space/post/flaskde-url_forzhong-ding-xiang-wen-ti-he-xiang-ying-yuan-ma-fen-xi</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6<br><a target="_blank" href="http://seclists.org/fulldisclosure/2017/Feb/68">http://seclists.org/fulldisclosure/2017/Feb/68</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>实战NTP放大攻击防御方案<br><a target="_blank" href="https://dev.21ds.cn/article/41.html">https://dev.21ds.cn/article/41.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>区块链资料<br><a target="_blank" href="https://github.com/gymgle/blockchain-reference">https://github.com/gymgle/blockchain-reference</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>对 Parrot SkyController 无人机固件的逆向工程<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282109&amp;idx=1&amp;sn=81a84f51043fbed4c391ab4cc3d9d293&amp;scene=0#wechat_redirect">http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282109&amp;idx=1&amp;sn=81a84f51043fbed4c391ab4cc3d9d293&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>回归一线应用运维的底线——先做好最基本的事<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzI2MjA5MjUwMQ==&amp;mid=2650019691&amp;idx=1&amp;sn=7551ccef5346fe2e76633b4206291e66&amp;chksm=f250d4d1c5275dc7496c8dc9c5677e8b29ae266e7b255b2576a9b3b59e6bd069f23faea23885&amp;mpshare=1&amp;scene=23&amp;srcid=0302IbxcJvZl15fh7D4uVeQN%23rd">http://mp.weixin.qq.com/s?__biz=MzI2MjA5MjUwMQ==&amp;mid=2650019691&amp;idx=1&amp;sn=7551ccef5346fe2e76633b4206291e66&amp;chksm=f250d4d1c5275dc7496c8dc9c5677e8b29ae266e7b255b2576a9b3b59e6bd069f23faea23885&amp;mpshare=1&amp;scene=23&amp;srcid=0302IbxcJvZl15fh7D4uVeQN%23rd</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Xpath Automated SQL Injection<br><a target="_blank" href="https://github.com/r0oth3x49/Xpath">https://github.com/r0oth3x49/Xpath</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>An advanced fuzzing framework designed to find vulnerabilities in C/C++ code<br><a target="_blank" href="https://github.com/oxagast/ansvif">https://github.com/oxagast/ansvif</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Gathering Email Information Tool<br><a target="_blank" href="https://github.com/m4ll0k/infoga">https://github.com/m4ll0k/infoga</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SQL Injection Vulnerability in NextGEN Gallery for WordPress<br><a target="_blank" href="https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html">https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Bypassing User Account Control (UAC) using TpmInit.exe<br><a target="_blank" href="http://uacmeltdown.blogspot.jp/">http://uacmeltdown.blogspot.jp/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>基于Jenkins和Kubernetes的CI工作流<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA5OTAyNzQ2OA==&amp;mid=2649693456&amp;idx=1&amp;sn=b36ed8057c23113da2396b77208689f1&amp;scene=0#wechat_redirect">http://mp.weixin.qq.com/s?__biz=MzA5OTAyNzQ2OA==&amp;mid=2649693456&amp;idx=1&amp;sn=b36ed8057c23113da2396b77208689f1&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>nosqlinjection_wordlists: payload to test NoSQL Injections<br><a target="_blank" href="https://github.com/cr0hn/nosqlinjection_wordlists">https://github.com/cr0hn/nosqlinjection_wordlists</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>AWS gamified security challenges<br><a target="_blank" href="http://flaws.cloud/">http://flaws.cloud/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>互联网定位技术小谈<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/775.html">https://xianzhi.aliyun.com/forum/read/775.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Profiling a .NET Core Application on Linux <br><a target="_blank" href="http://blogs.microsoft.co.il/sasha/2017/02/27/profiling-a-net-core-application-on-linux/">http://blogs.microsoft.co.il/sasha/2017/02/27/profiling-a-net-core-application-on-linux/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Getting read access on TGI Friday’s online ordering system<br><a target="_blank" href="https://www.adamlogue.com/getting-read-access-on-tgi-fridays-online-ordering-system-fixed/">https://www.adamlogue.com/getting-read-access-on-tgi-fridays-online-ordering-system-fixed/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token<br><a target="_blank" href="https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/">https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>subdomain3:a simple and fast tool for bruting subdomains<br><a target="_blank" href="https://github.com/yanxiu0614/subdomain3">https://github.com/yanxiu0614/subdomain3</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>The Evolution of Mobile Security Through the Years 地址位置 应用 摄像头<br><a target="_blank" href="https://securingtomorrow.mcafee.com/consumer/mobile-security/mobile-security-evolution/">https://securingtomorrow.mcafee.com/consumer/mobile-security/mobile-security-evolution/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Password History Analysis <br><a target="_blank" href="https://blog.didierstevens.com/2017/02/28/password-history-analysis/">https://blog.didierstevens.com/2017/02/28/password-history-analysis/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>通过双重跳板漫游隔离内网<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/768.html">https://xianzhi.aliyun.com/forum/read/768.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Two new Mac backdoors discovered<br><a target="_blank" href="https://blog.malwarebytes.com/cybercrime/2017/03/two-new-mac-backdoors-discovered/">https://blog.malwarebytes.com/cybercrime/2017/03/two-new-mac-backdoors-discovered/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Ok Google, Give Me All Your Internal DNS Information!<br><a target="_blank" href="https://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/">https://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>机器人也饱受安全漏洞折磨<br><a target="_blank" href="http://mp.weixin.qq.com/s/4DWp9K8GsJm_6ymiiAlerQ">http://mp.weixin.qq.com/s/4DWp9K8GsJm_6ymiiAlerQ</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Detecting and Preventing Spear Pishing Attacks Using DNS<br><a target="_blank" href="https://n0where.net/domain-name-typosquatting-crazyparser/">https://n0where.net/domain-name-typosquatting-crazyparser/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android 渗透测试学习手册（七）不太知名的 Android 漏洞<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282104&amp;idx=1&amp;sn=00918a40555200377ec83a20b6f86101&amp;scene=0#wechat_redirect">http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282104&amp;idx=1&amp;sn=00918a40555200377ec83a20b6f86101&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android 渗透测试学习手册（八）ARM 利用<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282106&amp;idx=1&amp;sn=5e9e02864dfedfd3d8a69e8a693ce18e&amp;scene=0#wechat_redirect">http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282106&amp;idx=1&amp;sn=5e9e02864dfedfd3d8a69e8a693ce18e&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Mobile malware evolution 2016 移动恶意分析总结<br><a target="_blank" href="https://securelist.com/analysis/kaspersky-security-bulletin/77681/mobile-malware-evolution-2016/">https://securelist.com/analysis/kaspersky-security-bulletin/77681/mobile-malware-evolution-2016/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>Useful Windows Command Line Tricks<br><a target="_blank" href="http://blog.kulshitsky.com/2017/02/useful-windows-command-line-tricks.html?m=1">http://blog.kulshitsky.com/2017/02/useful-windows-command-line-tricks.html?m=1</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/157">SecWiki周刊(第157期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
